SQL-Ledger/LedgerSMB Template Editing File Parameter Directory Traversal Vulnerability

Bugtraq ID:	22769
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 01 2007 12:00AM
Updated:	Mar 01 2007 09:25PM
Credit:	Chris Travers is credited with the discovery of this vulnerability.
Vulnerable:	SQL-Ledger SQL-Ledger 2.6.21 SQL-Ledger SQL-Ledger 2.6.19 SQL-Ledger SQL-Ledger 2.6.18 SQL-Ledger SQL-Ledger 2.6.17 SQL-Ledger SQL-Ledger 2.4.7 LedgerSMB LedgerSMB 1.1 LedgerSMB LedgerSMB 1.1 LedgerSMB LedgerSMB 1.0 p1 LedgerSMB LedgerSMB 1.0
Not Vulnerable:	LedgerSMB LedgerSMB 1.1.5

SQL-Ledger/LedgerSMB Template Editing File Parameter Directory Traversal Vulnerability

SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability.

An attacker can exploit this issue to restrieve arbitrary files located on the vulnerable computer in the context of the webserver process.

The attacker may also exploit this issue to overwrite files. This will allow attackers to delete or change passwords, add user accounts, and execute arbitrary PERL script code in the context of the affected application. Other attacks may be also possible.

The following are reported vulnerable to this issue:

- LedgerSMB versions prior to 1.1.5
- All versions of SQL-Ledger

SQL-Ledger/LedgerSMB Template Editing File Parameter Directory Traversal Vulnerability

Attackers can exploit this issue via a browser.

SQL-Ledger/LedgerSMB Template Editing File Parameter Directory Traversal Vulnerability

Solution:
This issue has been fixed in LedgerSMB version 1.1.5. A fix for SQL-Ledger is not available at this time.

Please see the references for more information.

SQL-Ledger/LedgerSMB Template Editing File Parameter Directory Traversal Vulnerability

References:

• Directory Transversal and Arbitrary Code Execution Vulnerability in SQL-Ledger (Chris Travers)
  
• LedgerSMB Website (LedgerSMB)
  
• SQL-Ledger Web Site (SQL-Ledger)